| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Memory corruption when the payload received from firmware is not as per the expected protocol size. |
| Transient DOS while parsing MBSSID during new IE generation in beacon/probe frame when IE length check is either missing or improper. |
| Memory corruption while playing audio file having large-sized input buffer. |
| Memory corruption during concurrent access to server info object due to unprotected critical field. |
| Memory corruption in Core Services while executing the command for removing a single event listener. |
| Memory Corruption in Linux while processing QcRilRequestImsRegisterMultiIdentityMessage request. |
| Memory corruption while processing the event ring, the context read pointer is untrusted to HLOS and when it is passed with arbitrary values, may point to address in the middle of ring element. |
| Information disclosure when the ADSP payload size received in HLOS in response to Audio Stream Manager matrix session is less than this expected size. |
| Memory corruption when two threads try to map and unmap a single node simultaneously. |
| Memory Corruption in Modem due to double free while parsing the PKCS15 sim files. |
| Memory corruption while processing MBSSID beacon containing several subelement IE. |
| Cryptographic issue while performing attach with a LTE network, a rogue base station can skip the authentication phase and immediately send the Security Mode Command. |
| Information disclosure in WLAN HAL while handling command through WMI interfaces. |
| Information disclosure while invoking callback function of sound model driver from ADSP for every valid opcode received from sound model driver. |
| Transient DOS while processing IKEv2 Informational request messages, when a malformed fragment packet is received. |
| Memory corruption while parsing qcp clip with invalid chunk data size. |
| Information disclosure in WLAN HOST while processing the WLAN scan descriptor list during roaming scan. |
| Transient DOS while parsing IPv6 extension header when WLAN firmware receives an IPv6 packet that contains `IPPROTO_NONE` as the next header. |
| Transient DOS while parsing probe response and assoc response frame. |
| Memory corruption while invoking IOCTLs calls in Automotive Multimedia. |
